portal/app/tests/Feature at 6933ddc5381f75904c7a643e4bb61ff92033dcaa - portal - Gitea: Git with a cup of tea

liderra/portal

Files

T

History

Дмитрий 6933ddc538 fix(security): SSRF-гард на сохранении webhook target_url (защита будущей доставки)

- update(): WebhookUrlGuard блокирует сохранение private/reserved/loopback IP →
  422 validation error на target_url; небезопасные адреса не попадают в БД,
  любой будущий потребитель (test() + outbound-доставка) читает только безопасные
- NB: будущая outbound-доставка обязана ВДОБАВОК звать guard перед отправкой
  (DNS-rebinding); outbound-pipeline пока не построен (комментарий в update())
- тесты: +PUT private-IP→422 не сохраняет; webhook target_url → публичные
  IP-литералы (убрал DNS-резолюцию example.ru-хостов, webhook-suite 93s→5s)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-05-22 03:25:16 +03:00

..

feat(admin): supplier projects list (orderers, last delivery) + bulk delete

2026-05-20 14:34:23 +03:00

feat(projects): RegionsBulkDialog — subject-level regions (89 RF subjects) #1426

2026-05-18 03:41:46 +03:00

test(auth): UpdateProfileTest — 422 coverage for empty last_name (review M1)

2026-05-15 21:30:13 +03:00

fix(billing): runwayDays clamps negative balance to 0 + type-filter test (Task 2 review)

2026-05-16 07:24:34 +03:00

feat(commands): Plan 4 Task 5 — ResetMonthlyCountersCommand + Schedule monthlyOn(1, 00:00) МСК

2026-05-11 10:28:13 +03:00

feat(supplier): supplier_manual_sync_queue table (Tier 3 queue)

2026-05-19 12:55:06 +03:00

fix(http): timestamp validation ±24h для partition guard (Plan 2.6 #iii)

2026-05-10 23:11:26 +03:00

feat(deals): sweep 14->5 funnel slugs — controllers, mocks, stories, tests

2026-05-18 03:42:41 +03:00

fix(tests): sync 3 stale эпик-тестов + schema.sql header под Plans 1-3 (v8.26)

2026-05-20 19:23:13 +03:00

refactor(tests): consolidate linkProjectToSupplier helper to tests/Pest.php (Plan 2 review I-1/I-2)

2026-05-20 11:52:47 +03:00

fix(tests): RefreshDatabase on LookupsTest + ProjectExtensionsTest — close quirk #62

2026-05-14 05:29:34 +03:00

phase2(notifications-stage6): low_balance + zero_balance + topup + invoice email/inapp

2026-05-09 12:51:32 +03:00

fix(tests): sync 3 stale эпик-тестов + schema.sql header под Plans 1-3 (v8.26)

2026-05-20 19:23:13 +03:00

fix(supplier): SyncSupplierProjectJob → pgsql_supplier (BYPASSRLS) — иначе queue-воркер падает 42704

2026-05-21 15:49:59 +03:00

feat(projects): hard delete with deals-guard, replace archive

2026-05-21 08:08:33 +03:00

feat(deals): sweep 14->5 funnel slugs — controllers, mocks, stories, tests

2026-05-18 03:42:41 +03:00

feat(rules): add Signal validators (Domain, Phone, SmsSender) with comprehensive datasets

2026-05-10 17:05:19 +03:00

feat(supplier): retime supplier sync crons 20:30→18:00, 20:15→17:45

2026-05-19 12:55:09 +03:00

refactor(tests): consolidate linkProjectToSupplier helper to tests/Pest.php (Plan 2 review I-1/I-2)

2026-05-20 11:52:47 +03:00

fix(supplier): перевод кодов регионов Лидерра→поставщик (конституционный→ГИБДД)

2026-05-21 15:50:18 +03:00

AdminBillingActionsTest.php

fix(admin): G4 review — lockForUpdate on refund balance + self-contained tariff tests

2026-05-16 14:09:53 +03:00

AdminBillingIndexTest.php

phase2(admin-billing): GET /api/admin/billing + AdminBillingView API (этап 3/5)

2026-05-09 09:28:49 +03:00

AdminIncidentRknNotifyTest.php

feat(admin): G6 backend — incident РКН-notify endpoint

2026-05-16 14:09:53 +03:00

AdminIncidentShowTest.php

feat(admin): G5 backend — incident detail endpoint

2026-05-16 14:09:53 +03:00

AdminIncidentsIndexTest.php

fix(backend): tenant middleware на auth-routes + HasPasswordRules trait + test password (audit P0-01 + O-refactor-03 + P2-01)

2026-05-09 18:22:30 +03:00

AdminSystemSettingsTest.php

phase2(7-features): bulk-actions / new-deal / tenant-card / system-edit / webhook / smart-filters / impersonation-list

2026-05-09 05:33:21 +03:00

AdminTenantShowTest.php

feat(deals): sweep 14->5 funnel slugs — controllers, mocks, stories, tests

2026-05-18 03:42:41 +03:00

AdminTenantsIndexTest.php

phase2(admin-tenants-mrr): mrr_rub в /api/admin/tenants (этап 7)

2026-05-09 10:08:12 +03:00

ApiKeyControllerTest.php

refactor(api): ApiKeyController index() excludes expired keys (review M1)

2026-05-15 22:06:14 +03:00

DashboardSummaryTest.php

fix(security): закрыть открытые эндпоинты + SSRF-гард webhook перед go-live

2026-05-21 19:15:05 +03:00

DealCreateTest.php

test(deals): drop obsolete ids-based export tests from DealCreateTest (superseded by DealExportTest)

2026-05-18 03:42:40 +03:00

DealDestroyTest.php

feat(api): J1 — auth:sanctum+tenant middleware на /api/deals*

2026-05-16 15:18:13 +03:00

DealExportTest.php

test(deals): drop obsolete ids-based export tests from DealCreateTest (superseded by DealExportTest)

2026-05-18 03:42:40 +03:00

DealIndexTest.php

feat(deals): sweep 14->5 funnel slugs — controllers, mocks, stories, tests

2026-05-18 03:42:41 +03:00

DealModelTest.php

phase1(webhook): Deal/WebhookDedupKey + ProcessWebhookJob (advisory lock) — CTO-17 addendum

2026-05-08 15:24:55 +03:00

DealRestoreTest.php

feat(api): J1 — auth:sanctum+tenant middleware на /api/deals*

2026-05-16 15:18:13 +03:00

DealShowTest.php

feat(deals/drawer): убрать «Менеджер», добавить «Тип» + «Источник» read-only

2026-05-18 15:24:57 +03:00

DealTransitionTest.php

feat(deals): sweep 14->5 funnel slugs — controllers, mocks, stories, tests

2026-05-18 03:42:41 +03:00

DealUpdateTest.php

feat(deals): sweep 14->5 funnel slugs — controllers, mocks, stories, tests

2026-05-18 03:42:41 +03:00

DemoSeederTest.php

fix(dev): A8 review — production-guard в DemoSeeder + точность README/теста (Sprint 5A)

2026-05-17 02:23:26 +03:00

EndpointAuthHardeningTest.php

fix(security): закрыть открытые эндпоинты + SSRF-гард webhook перед go-live

2026-05-21 19:15:05 +03:00

ExampleTest.php

phase1(scaffold): Laravel 11 + predis + .env под PG 16 + Memurai

2026-05-08 09:37:16 +03:00

ImpersonationTest.php

phase2(7-features): bulk-actions / new-deal / tenant-card / system-edit / webhook / smart-filters / impersonation-list

2026-05-09 05:33:21 +03:00

LeadStatusesFunnelTest.php

feat(deals): migration — remap deals.status + drop obsolete lead_statuses (14->5)

2026-05-18 03:42:41 +03:00

LeadStatusesIndexTest.php

fix(security): закрыть открытые эндпоинты + SSRF-гард webhook перед go-live

2026-05-21 19:15:05 +03:00

LookupsTest.php

fix(security): закрыть открытые эндпоинты + SSRF-гард webhook перед go-live

2026-05-21 19:15:05 +03:00

PartitionsCreateMonthsTest.php

phase2(2fa-setup): wizard init+confirm+disable+regenerate в SettingsView/SecurityTab

2026-05-09 04:03:02 +03:00

ProcessWebhookJobTest.php

phase1(webhook): failed() callback + FailedWebhookJob модель — упавшие jobs после 3 ретраев

2026-05-08 15:52:47 +03:00

RedisCacheStoreIsolationTest.php

fix(tests): redis cache store -> array driver in test env (kill quirk 72)

2026-05-16 09:57:32 +03:00

ReminderControllerTest.php

phase2(reminders-backend): CRUD + cron-диспетчер + email/inapp (P0 этап 4)

2026-05-09 12:30:38 +03:00

RemindersDispatchDueTest.php

phase2(reminders-backend): CRUD + cron-диспетчер + email/inapp (P0 этап 4)

2026-05-09 12:30:38 +03:00

RlsSmokeTest.php

phase1(rls-smoke): CTO-13 — Pest 4 RLS smoke-test (4/4 passed, 662 ms)

2026-05-08 14:00:43 +03:00

SaasAdminMiddlewareTest.php

feat(api): J2 — стаб-гейт EnsureSaasAdmin на /api/admin/*

2026-05-16 15:01:07 +03:00

SetTenantContextTest.php

phase1(eloquent): Tenant/User/Project models + SetTenantContext middleware

2026-05-08 14:29:50 +03:00

TenantModelsTest.php

phase1(eloquent): Tenant/User/Project models + SetTenantContext middleware

2026-05-08 14:29:50 +03:00

WebhookReceiveTest.php

fix(security): harden impersonation/webhook/tenant — audit A2/A3/B3/C2

2026-05-15 19:16:13 +03:00

WebhookSettingsControllerTest.php

fix(security): SSRF-гард на сохранении webhook target_url (защита будущей доставки)

2026-05-22 03:25:16 +03:00

WebhookSsrfGuardTest.php

fix(security): закрыть открытые эндпоинты + SSRF-гард webhook перед go-live

2026-05-21 19:15:05 +03:00